Skip to content

Commit

Permalink
Merge pull request #4134 from nextcloud/fix/skip-disable-download-29
Browse files Browse the repository at this point in the history
[stable29] Fix asset download checks
  • Loading branch information
elzody authored Oct 17, 2024
2 parents ea3c66f + b62f7c3 commit 71e084d
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 0 deletions.
18 changes: 18 additions & 0 deletions lib/Controller/AssetsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@

namespace OCA\Richdocuments\Controller;

use OCA\Files_Sharing\SharedStorage;
use OCA\Richdocuments\Controller\Attribute\RestrictToWopiServer;
use OCA\Richdocuments\Db\AssetMapper;
use OCA\Richdocuments\Service\UserScopeService;
Expand All @@ -35,6 +36,7 @@
use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\Files\NotFoundException;
use OCP\Files\NotPermittedException;
use OCP\IRequest;
use OCP\IURLGenerator;

Expand Down Expand Up @@ -73,8 +75,24 @@ public function create($path) {

try {
$node = $userFolder->get($path);

if (!($node instanceof File)) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}

$storage = $node->getStorage();
if ($storage->instanceOfStorage(SharedStorage::class)) {
/** @var SharedStorage $storage */
$share = $storage->getShare();
$attributes = $share->getAttributes();
if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
throw new NotPermittedException();
}
}
} catch (NotFoundException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
} catch (NotPermittedException $e) {
return new JSONResponse([], Http::STATUS_FORBIDDEN);
}

$asset = $this->assetMapper->newAsset($this->userId, $node->getId());
Expand Down
5 changes: 5 additions & 0 deletions src/view/FilesAppIntegration.js
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,11 @@ export default {

getFilePickerBuilder(t('richdocuments', 'Insert image from {name}', { name: OC.theme.name }))
.setMimeTypeFilter(['image/png', 'image/gif', 'image/jpeg', 'image/svg'])
.setFilter((node) => {
const downloadShareAttribute = JSON.parse(node.attributes['share-attributes']).find((shareAttribute) => shareAttribute.key === 'download')
const downloadPermissions = downloadShareAttribute !== undefined ? (downloadShareAttribute.enabled || downloadShareAttribute.value) : true
return (node.permissions & OC.PERMISSION_READ) && downloadPermissions
})
.addButton({
label: t('richdocuments', 'Insert image'),
callback: (files) => {
Expand Down

0 comments on commit 71e084d

Please sign in to comment.